Re: [openssl-users] Checking if an EVP_PKEY* contains a private key

2015-12-21 Thread Victor Wagner
On Mon, 21 Dec 2015 21:29:03 -0800
Stephen Kou  wrote:

> OpenSSL has the higher-level EVP_PKEY_* functions which work
> abstracts the public key cryptography algorithms.  However, sometimes
> a EVP_PKEY* only has a public key.  How could I check if a given
> EVP_PKEY* contains a private key?  I could use EVP_PKEY_decrypt_init
> and see if it returns an error, but that seems to be quite
> heavy-handed for what seems to be a simple check.  The other option
> is to go through the EVP_PKEY_get0_* functions and investigate the
> underlying mechanism directly (e.g. EVP_PKEY_get0_RSA and checking
> the RSA*'s private exponent is NULL), but that is also clumsy as I'll
> have to write code for every possible algorithm.

You cannot use EVP_PKEY_decrypt_init if you want code which works for
every possible algorithm, because every possible public key
algorithm isn't required to support encrypt/decrypt operation. For
instance, DSA supports only sign/verify, DH - derive, EC_KEY - both of
them, but not encrypt/decrypt.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Victor Wagner
On Wed, 22 Jul 2015 09:17:43 +0000 (UTC)
Anirudh Raghunath <anirudhraghun...@rocketmail.com> wrote:

> Hello,
> I have used rsautl -sign option to sign a text file which gives me a
> binary file. I would like to convert this to X509 so that I can use
> it in a ssl handshake. I understand the command: openssl x509 -inform
> <format> -in <certfile> -out cert.pem is used. I want to know what
> the parameters would be for a binary input file. Thanks in advance.

Unfortunately signed text file and certificate are quite different
things.

Of course, certificate is signed electronic document. But it is
document of special binary format, which contains public key and
information about owner of corresponding private key.

And typically, it is not signed by you, it is signed by Certificate
Authority (known to server).

When you use certificate (and corresponding private key) during SSL
handshake, it means that server sends you something, you sign this
something using your private key and send signature to server along
with certificate.

Server verifies signature under data, which it remembers it has been
sent to you, using public key contained in the certificate, and says
Ok, this guy really owns private key corresponding to public key in
this certificate. It also verifies signature under certificate using
known beforehand and trusted CA certificates, to make sure that public
key stored in the certificate really belongs to person mentioned in
the certificate subject field.

So, if you sign some text file using your certificate, this signature
cannot be used in the SSL handshake any way. Because you've signed some
text file, not a challenge sent by server during SSL handshake.

This signature proves that you, owner of private key, have had access
to this text file (provided your private key is not compromised), but
there is no way to use this signature to prove that you are the one who
established connection with server. To prove so, you have to sign
something sent to you from server, not some data, known beforehand.

Really, option -sign of this utility may produce some signed document
format such as PKCS#7 or CMS, which contains signer's certificate.

For same purpose which I've described above. If someone wants to verify
if you've signed this file, one should have your certificate, with
public key and your name in it. Simplest way to ensure this is to
attach certificate to the signed message. Then recipient of message can
validate certificate, extracted from message with known and trusted CA
and then use it to verify signature under message.

If you want to use such a curved way to extract certificate from card, it
is possible, provided that your rsautl produces standard signed message
format, i.e. PKCS#7

may be

openssl pkcs7 -inform der -in signedfile.bin -print_certs -out filename.pem

would do the trick and write certificate of one who signed the file into
filename.pem

But this is not called convert signed file to X509 format, it is
called extract X509 certificate from signed file.


Re: [openssl-users] Getting certificates from smartcards

2015-07-21 Thread Victor Wagner
On Tue, 21 Jul 2015 13:58:21 +0000 (UTC)
Anirudh Raghunath <anirudhraghun...@rocketmail.com> wrote:

> Ah okay, that clears up quite a lot of doubts. But the certificate I
> want to load is a self signed certificate which has a private key
> attached to it. I used the XCA application to export the
> certificate-private key pair as a p12 file to the smart card. What
> should I do to get the certificate in this case? Thanks.

It doesn't matter how you've installed certificate into smart card.
Once it, and its corresponding private key is installed on the card,
you can access them separately, using PKCS#11 API (and command-line
pkcs11-tool utility). So, you can extract just certificate from
certificate-private key pair and put it into the file (but typically
you cannot extract private key. You can only use PKCS11 API or OpenSSL
ENGINE API on top of it to perform cryptographic operations with this
private key. This is what smartcards are for). 

If you have opensc pkcs11 engine, you also should have pkcs11-tool from
opensc project.

Use 

pkcs11-tool --module <your pkcs11 module> --list-objects

to find out which certificate-private key pairs are available on your
card (you probably already know ID of your key pair, because you've used
ENGINE_load_private_key, and it requires key id as argument).

Then use

pkcs11-tool --module <your pkcs11 module> --read-object --id <id> \
 --type cert --output-file filename.der

to extract certificate from card.  You can then convert it to pem
format using 

openssl x509 -in filename.der -inform DER -out filename.pem

or can just use function SSL_CTX_use_certificate_file passing
SSL_FILETYPE_ASN1 as its argument.

Personally I consider it ugly that one needs to extract certificate from
token before it can be used in openssl-based applications for any
purpose except SSL-client authentication.

Function

int ENGINE_load_certificate(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data)

is clearly missing from API.

Existence of such a function would allow smartcards and other
hardware tokens to be used

1. In the server applications
2. In the non-SSL (i.e. CMS signing) applications
3. For secondary protocols like OCSP or timestamping authority.


Re: [openssl-users] Getting certificates from smartcards

2015-07-21 Thread Victor Wagner
On Tue, 21 Jul 2015 06:58:24 +0000 (UTC)
Anirudh Raghunath <anirudhraghun...@rocketmail.com> wrote:

> Hello,
> I would like to utilize the ENGINE_load_ssl_client_cert() function to
> load a certificate from my smart card. I have successfully loaded the
> engine and have also tried to play around with the
> ENGINE_load_private_key() function. It worked successfully and I was
> able to get the private key in an EVP_PKEY object. But I also want
> the certificate associated with it. I looked at the code of
> ENGINE_load_ssl_client_cert() but cannot understand the parameters
> passed to it. Can someone please guide me on how to use it and
> perhaps give a working example of the call to that function with the
> parameters clearly mentioned and explained? Thanks in advance.

As far as I can understand, this function is designed to be called from
the client certificate callback, set with function
SSL_CTX_set_client_cert_cb. This callback gets pointer to SSL structure
(which should be passed to ENGINE_load_ssl_client_cert) and can use
SSL_get_client_CA_list to obtain list of CAs, which server would trust.
(SSL protocol allows to send this list to client).

So, you would pass to the ENGINE_load_ssl_client_cert

1. reference to engine to use
2. pointer to SSL object of your client connection (don't know why it
might be needed), 
3. list of CA distinguished names (ca_dn) which server would trust.
You can obtain it from the SSL structure passed to your callback and
possibly filter something out of it.
4. Three pointers to variables where result should be placed - 
one for certificate, other for private key and third for the stack of
intermediate CA certificates
5. UI method and its callback data (which you should be already
familiar with, because you have successfully managed to use
ENGINE_load_private_key).

Engine ought to find certificate-private key pair, where certificate is
issued by one of the CA in the list you pass (or at least chain of
trust from it to one of these CAs can be built)

Then engine asks user for PIN-code of private key and returns all the
objects - certificate, private key and chain of trust from this
certificate to one of CAs you've passed to it.

Probably, there can be situation where more than one certificate in the
hardware token matches given criteria (issued by one of given CA).
In this case engine should use ui_method to ask user which one of them
he wants to use.

Unfortunately, I do not know any engine which does all the things above.
I've looked into source of OpenSC pkcs11 engine version 0.1.8 and found
out that it doesn't support this function.

So I have to copy certificate out of token into file using pkcs11-tool
and use ENGINE_load_private_key to load key from token.


Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-17 Thread Victor Wagner
On Fri, 17 Jul 2015 00:10:27 +
Dr. Stephen Henson <st...@openssl.org> wrote:

> On Thu, Jul 16, 2015, Anirudh Raghunath wrote:
>
> > Hello,
> >
> > I want to write a program in which I can load a certificate from a
> > smartcard instead of having it in a file on the client machine. In
>
> You may be able to make use of the automatic dynamic engine loading
> mechanism to simplify things. You can pass the ENGINE DSO path as the
> ENGINE name or to the function ENGINE_by_id() and it should load it.
>
> I suggest you try it with the command line utility first.

Does openssl trunk already have API to load certificate from the engine?
Last time I've looked for this API I've only found

int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
STACK_OF(X509) **pother,
UI_METHOD *ui_method, void *callback_data);

which seems to be a bit too specific (where would I get an SSL pointer
if I want to use this certificate in the mail client to sign a CMS
message?) and is not supported by opensc PKCS11 engine.


> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org


Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-15 Thread Victor Wagner
On Tue, 14 Jul 2015 20:35:31 +0200
Jakob Bohm <jb-open...@wisemo.com> wrote:


> Does ASN1_TIME_set_string() support dates outside the
> time_t range of the local libc?

Why do you need time dates outside of 64-bit integer range?
Sun would explode into red giant sooner than that amount of time passes.

>
> This is important when creating root certs with expiry
> dates after 2038 (specifically, any time >= epoch+2**31).

I don't think that it is a good idea to issue certificates with 
expire dates after 2038 now.

Notice - several years ago MD5 collision was discovered, and
certificates signed with md5WithRsaEncryption were phased out.

Now browser manufacturers are planning to phase out sha1 certificates, even
though there is no published collision generation for sha1, people
are thinking it is possible enough to avoid using this hashing
algorithm.

There are interesting mathematical results concerning big number
factorization, and experiments with quantum computing, so it seems that
soon we'll have to abandon RSA at all and use only EC algorithms.

So I don't think that one should issue certificates valid for more than
10 years, if he hopes to have even marginal security.

> It is also important when creating self-signed Android
> apk signing certificates (which /must/ be valid for at
> least 30 years).

Does android really have 32-bit time_t? And is it really signed?
I've thought that all modern systems have already switched to 64-bit
time_t or at least interpret time_t as unsigned, which gives time up to
2106.



Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-13 Thread Victor Wagner
On Mon, 13 Jul 2015 12:25:40 +0530
Nayna Jain <naynj...@in.ibm.com> wrote:

>
> Hi all,
>
> I am programmatically generating the self signed certificate and need
> to specify the Not Before and Not After date,
>
> Wanted to understand what all formats are acceptable by this API ?

X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure.
You can use ASN1_TIME_set function to fill this structure. It expects
integer time_t value.

X509_cmp_time also expects integer time_t value.

So integer number of seconds since the beginning of the epoch (1.1.1970
GMT) is everything you need.

There is also ASN1_TIME_set_string function, which does deal with some
datetime format, but I suggest never using it. Use C runtime library
function strptime, which allows to specify format explicitly or mktime
to prepare time_t value from the user input. And use OpenSSL
ASN1_TIME_print function to convert ASN1_TIME to human-readable form.



 
> Also,  similarly while using API , what exactly is the time format
> expected by X509_cmp_time(X509_get_notAfter(iv_pX509), ...);
>
> Thanks & Regards,
> Nayna Jain
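
The epoch+2**31 boundary discussed in the two Not Before / Not After messages above, worked through as an added example (not code from OpenSSL or from any poster in the thread): it parses a UTC date without touching the local time_t, reports whether the instant fits a signed 32-bit time_t, and produces the string form RFC 5280 requires for a validity field (UTCTime through 2049, GeneralizedTime from 2050). The names validity_from_string and fits_time32 are hypothetical, and the input dates are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01, proleptic Gregorian calendar; no time_t involved. */
static int64_t days_from_civil(int y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

static int days_in_month(int y, int m) {
    static const int dim[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return dim[m - 1] + (m == 2 && leap);
}

/* Hypothetical helper: parse "YYYY-MM-DD hh:mm:ss" (UTC); returns 0 on success.
 * *epoch gets 64-bit seconds since 1970; asn1 (at least 16 bytes) gets the
 * RFC 5280 encoding: UTCTime through 2049, GeneralizedTime from 2050 on. */
int validity_from_string(const char *in, int64_t *epoch, char *asn1, size_t cap) {
    int Y, M, D, h, m, s, n = 0;
    if (sscanf(in, "%4d-%2d-%2d %2d:%2d:%2d%n", &Y, &M, &D, &h, &m, &s, &n) != 6
        || in[n] != '\0' || cap < 16)
        return -1;
    if (Y < 1950 || M < 1 || M > 12 || D < 1 || D > days_in_month(Y, M)
        || h < 0 || h > 23 || m < 0 || m > 59 || s < 0 || s > 59)
        return -1;
    *epoch = days_from_civil(Y, M, D) * 86400 + h * 3600 + m * 60 + s;
    if (Y <= 2049)
        snprintf(asn1, cap, "%02d%02d%02d%02d%02d%02dZ", Y % 100, M, D, h, m, s);
    else
        snprintf(asn1, cap, "%04d%02d%02d%02d%02d%02dZ", Y, M, D, h, m, s);
    return 0;
}

/* Would this instant survive a round trip through a signed 32-bit time_t? */
int fits_time32(int64_t epoch) {
    return epoch >= INT32_MIN && epoch <= INT32_MAX;
}

int main(void) {
    const char *in = "2045-07-15 00:00:00";   /* constructed input */
    int64_t t; char buf[16];
    if (validity_from_string(in, &t, buf, sizeof buf) == 0)
        printf("%s -> %s, 32-bit time_t %s\n", in, buf, fits_time32(t) ? "ok" : "overflows");
}
```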